Two-factor authentication isn’t foolproof.

Using 2FA doesn’t guarantee that your site won’t be compromised, but it certainly raises the bar for anyone trying to gain access.

It’s kind of like The Club for your car. While a determined car thief might eventually be successful in getting your wheels, they’ll also be more inclined to move onto their next potential (and hopefully easier) target.

And so it goes with 2FA. With two-factor authentication enabled on your website, you’re making it harder for the bad guys to get in.

Two-factor authentication for WordPress

A default WordPress installation doesn’t come with two-factor authentication. That said, it’s pretty easy to beef up your WordPress security and enable 2FA. Here are a few plugins to make it happen.

(For the curious: We came up with this list by looking at how recently the plugins were updated, what the user ratings and reviews were like, and what documentation was available. We kept plugins that were out-of-date, poorly reviewed, or poorly documented off the list.)

Two-Factor Authentication

The Two-Factor Authentication plugin comes to us from the team behind Updraft Plus. It supports standard TOTP and HOTP protocols, so it plays nice with a variety of 2FA apps on both Android and iOS. You can set 2FA on a per-role and a per-user basis; it supports WooCommerce forms; and it’s WP Multisite compatible. The Premium version unlocks a bunch of additional features, as well.

Rublon

Rublon takes a different approach from most of the other two-factor authentication plugins mentioned in this list. Rather than sending you a one-time code via text message or mobile app, Rublon sends you an email to complete the login process. Once successfully logged in, Rublon remembers the device you logged in from.

The free version of the plugin enables 2FA for a single user account. For additional users, you’ll need to upgrade by contacting the Rublon sales team via email. If you’re not keen on dealing with 2FA every time you log in, Rublon might be worth a look.

Wordfence

Wordfence is another popular all-in-one security plugin for WordPress, and like iThemes Security Pro, the premium (paid) version of Wordfence adds support for two-factor authentication. You have two options for configuring 2FA in Wordfence: You can either use Google Authenticator, or you can get a one-time code sent to a phone number via SMS.

In my experience, choosing between iThemes Security and Wordfence as your all-in-one solution comes down to preference.

Just make sure you’re not running both security plugins at the same time.

So why are we including it in this list? Well, if you’re managing more than a few WordPress sites, ManageWP will make your life a lot easier. But if you’re controlling all of those sites in ManageWP, you should really make sure that your ManageWP account is as secure as possible.